netlink

package
v0.0.5 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 20, 2015 License: Apache-2.0, Apache-2.0 Imports: 10 Imported by: 0

README

Build Status GoDoc

The netlink package provides a simple netlink library for go. Netlink is the interface a user-space program in linux uses to communicate with the kernel. It can be used to add and remove interfaces, set ip addresses and routes, and configure ipsec. Netlink communication requires elevated privileges, so in most cases this code needs to be run as root. Since low-level netlink messages are inscrutable at best, the library attempts to provide an api that is loosely modeled on the CLI provied by iproute2. Actions like ip link add will be accomplished via a similarly named function like AddLink(). This library began its life as a fork of the netlink functionality in docker/libcontainer but was heavily rewritten to improve testability, performance, and to add new functionality like ipsec xfrm handling.

Local Build and Test

You can use go get command:

go get github.com/vishvananda/netlink

Testing dependencies:

go get github.com/vishvananda/netns

Testing (requires root):

sudo -E go test github.com/vishvananda/netlink

Examples

Add a new bridge and add eth1 into it:

package main

import (
    "net"
    "github.com/vishvananda/netlink"
)

func main() {
    la := netlink.NewLinkAttrs()
    la.Name = "foo"
    mybridge := &netlink.Bridge{la}}
    _ := netlink.LinkAdd(mybridge)
    eth1, _ := netlink.LinkByName("eth1")
    netlink.LinkSetMaster(eth1, mybridge)
}

Note NewLinkAttrs constructor, it sets default values in structure. For now it sets only TxQLen to -1, so kernel will set default by itself. If you're using simple initialization(LinkAttrs{Name: "foo"}) TxQLen will be set to 0 unless you specify it like LinkAttrs{Name: "foo", TxQLen: 1000}.

Add a new ip address to loopback:

package main

import (
    "net"
    "github.com/vishvananda/netlink"
)

func main() {
    lo, _ := netlink.LinkByName("lo")
    addr, _ := netlink.ParseAddr("169.254.169.254/32")
    netlink.AddrAdd(lo, addr)
}

Future Work

Many pieces of netlink are not yet fully supported in the high-level interface. Aspects of virtually all of the high-level objects don't exist. Many of the underlying primitives are there, so its a matter of putting the right fields into the high-level objects and making sure that they are serialized and deserialized correctly in the Add and List methods.

There are also a few pieces of low level netlink functionality that still need to be implemented. Routing rules are not in place and some of the more advanced link types. Hopefully there is decent structure and testing in place to make these fairly straightforward to add.

Documentation

Overview

Package netlink provides a simple library for netlink. Netlink is the interface a user-space program in linux uses to communicate with the kernel. It can be used to add and remove interfaces, set up ip addresses and routes, and confiugre ipsec. Netlink communication requires elevated privileges, so in most cases this code needs to be run as root. The low level primitives for netlink are contained in the nl subpackage. This package attempts to provide a high-level interface that is loosly modeled on the iproute2 cli.

Index

Constants

View Source 
const (
	// Family type definitions
	FAMILY_ALL = nl.FAMILY_ALL
	FAMILY_V4  = nl.FAMILY_V4
	FAMILY_V6  = nl.FAMILY_V6
)
View Source 
const (
	HANDLE_NONE      = 0
	HANDLE_INGRESS   = 0xFFFFFFF1
	HANDLE_ROOT      = 0xFFFFFFFF
	PRIORITY_MAP_LEN = 16
)

Variables

View Source 
var (
	ErrNotImplemented = errors.New("not implemented")
)

Functions

func AddrAdd 

func AddrAdd(link *Link, addr *Addr) error

func AddrDel 

func AddrDel(link *Link, addr *Addr) error

func HandleStr 

func HandleStr(handle uint32) string

func LinkAdd 

func LinkAdd(link *Link) error

func LinkDel 

func LinkDel(link *Link) error

func LinkSetDown 

func LinkSetDown(link *Link) error

func LinkSetMTU 

func LinkSetMTU(link *Link, mtu int) error

func LinkSetMaster 

func LinkSetMaster(link *Link, master *Link) error

func LinkSetNsFd 

func LinkSetNsFd(link *Link, fd int) error

func LinkSetNsPid 

func LinkSetNsPid(link *Link, nspid int) error

func LinkSetUp 

func LinkSetUp(link *Link) error

func MajorMinor 

func MajorMinor(handle uint32) (uint16, uint16)

func MakeHandle 

func MakeHandle(major, minor uint16) uint32

func NeighAdd 

func NeighAdd(neigh *Neigh) error

func NeighAppend 

func NeighAppend(neigh *Neigh) error

func NeighDel 

func NeighDel(neigh *Neigh) error

func NeighDeserialize 

func NeighDeserialize(m []byte) (*Ndmsg, *Neigh, error)

func NeighSet 

func NeighSet(neigh *Neigh) error

func NewIPNet 

func NewIPNet(ip net.IP) *net.IPNet

NewIPNet generates an IPNet from an ip address using a netmask of 32.

func ParseIPNet 

func ParseIPNet(s string) (*net.IPNet, error)

ParseIPNet parses a string in ip/net format and returns a net.IPNet. This is valuable because addresses in netlink are often IPNets and ParseCIDR returns an IPNet with the IP part set to the base IP of the range.

func RouteAdd 

func RouteAdd(route *Route) error

func RouteDel 

func RouteDel(route *Route) error

func SetFastLeave 

func SetFastLeave(link Link, mode bool) error

func SetFlood 

func SetFlood(link Link, mode bool) error

func SetGuard 

func SetGuard(link Link, mode bool) error

func SetHairpin 

func SetHairpin(link Link, mode bool) error

func SetLearning 

func SetLearning(link Link, mode bool) error

func SetRootBlock 

func SetRootBlock(link Link, mode bool) error

func XfrmPolicyAdd 

func XfrmPolicyAdd(policy *XfrmPolicy) error

func XfrmPolicyDel 

func XfrmPolicyDel(policy *XfrmPolicy) error

func XfrmStateAdd 

func XfrmStateAdd(policy *XfrmState) error

func XfrmStateDel 

func XfrmStateDel(policy *XfrmState) error

Types

type Addr 

type Addr struct {
	*net.IPNet
	Label string
}

Addr represents an IP address from netlink. Netlink ip addresses include a mask, so it stores the address as a net.IPNet.

func AddrList 

func AddrList(link *Link, family int) ([]Addr, error)

func ParseAddr 

func ParseAddr(s string) (*Addr, error)

ParseAddr parses the string representation of an address in the form $ip/$netmask $label. The label portion is optional

func (Addr) Equal 

func (a Addr) Equal(x Addr) bool

Equal returns true if both Addrs have the same net.IPNet value.

func (Addr) String 

func (a Addr) String() string

String returns $ip/$netmask $label

type Bridge 

type Bridge struct {
	LinkAttrs
}

Bridge links are simple linux bridges

func (*Bridge) Attrs 

func (bridge *Bridge) Attrs() *LinkAttrs

func (*Bridge) Type 

func (bridge *Bridge) Type() string

type Device 

type Device struct {
	LinkAttrs
}

Device links cannot be created via netlink. These links are links created by udev like 'lo' and 'etho0'

func (*Device) Attrs 

func (device *Device) Attrs() *LinkAttrs

func (*Device) Type 

func (device *Device) Type() string

type Dir 

type Dir uint8

Dir is an enum representing an ipsec template direction. 

const (
	XFRM_DIR_IN Dir = iota
	XFRM_DIR_OUT
	XFRM_DIR_FWD
	XFRM_SOCKET_IN
	XFRM_SOCKET_OUT
	XFRM_SOCKET_FWD
)

func (Dir) String 

func (d Dir) String() string

type Dummy 

type Dummy struct {
	LinkAttrs
}

Dummy links are dummy ethernet devices

func (*Dummy) Attrs 

func (dummy *Dummy) Attrs() *LinkAttrs

func (*Dummy) Type 

func (dummy *Dummy) Type() string

type EncapType 

type EncapType uint8

EncapType is an enum representing an ipsec template direction. 

const (
	XFRM_ENCAP_ESPINUDP_NONIKE EncapType = iota + 1
	XFRM_ENCAP_ESPINUDP
)

func (EncapType) String 

func (e EncapType) String() string

type Filter 

type Filter interface {
	Attrs() *FilterAttrs
	Type() string
}

type FilterAttrs 

type FilterAttrs struct {
	LinkIndex int
	Handle    uint32
	Parent    uint32
	Priority  uint16 // lower is higher priority
	Protocol  uint16 // syscall.ETH_P_*
}

Filter represents a netlink filter. A filter is associated with a link, has a handle and a parent. The root filter of a device should have a parent == HANDLE_ROOT.

func (FilterAttrs) String 

func (q FilterAttrs) String() string

type GenericFilter 

type GenericFilter struct {
	FilterAttrs
	FilterType string
}

GenericFilter filters represent types that are not currently understood by this netlink library.

func (*GenericFilter) Attrs 

func (filter *GenericFilter) Attrs() *FilterAttrs

func (*GenericFilter) Type 

func (filter *GenericFilter) Type() string
type GenericLink struct {
	LinkAttrs
	LinkType string
}

GenericLink links represent types that are not currently understood by this netlink library.

func (*GenericLink) Attrs 

func (generic *GenericLink) Attrs() *LinkAttrs

func (*GenericLink) Type 

func (generic *GenericLink) Type() string

type GenericQdisc 

type GenericQdisc struct {
	QdiscAttrs
	QdiscType string
}

GenericQdisc qdiscs represent types that are not currently understood by this netlink library.

func (*GenericQdisc) Attrs 

func (qdisc *GenericQdisc) Attrs() *QdiscAttrs

func (*GenericQdisc) Type 

func (qdisc *GenericQdisc) Type() string

type IPVlan 

type IPVlan struct {
	LinkAttrs
	Mode IPVlanMode
}

func (*IPVlan) Attrs 

func (ipvlan *IPVlan) Attrs() *LinkAttrs

func (*IPVlan) Type 

func (ipvlan *IPVlan) Type() string

type IPVlanMode 

type IPVlanMode uint16
const (
	IPVLAN_MODE_L2 IPVlanMode = iota
	IPVLAN_MODE_L3
	IPVLAN_MODE_MAX
)

type Ifb 

type Ifb struct {
	LinkAttrs
}

Ifb links are advanced dummy devices for packet filtering

func (*Ifb) Attrs 

func (ifb *Ifb) Attrs() *LinkAttrs

func (*Ifb) Type 

func (ifb *Ifb) Type() string

type Ingress 

type Ingress struct {
	QdiscAttrs
}

Ingress is a qdisc for adding ingress filters

func (*Ingress) Attrs 

func (qdisc *Ingress) Attrs() *QdiscAttrs

func (*Ingress) Type 

func (qdisc *Ingress) Type() string
type Link interface {
	Attrs() *LinkAttrs
	Type() string
}

Link represents a link device from netlink. Shared link attributes like name may be retrieved using the Attrs() method. Unique data can be retrieved by casting the object to the proper type. 

func LinkList() ([]Link, error)

type LinkAttrs 

type LinkAttrs struct {
	Index        int
	MTU          int
	TxQLen       int // Transmit Queue Length
	Name         string
	HardwareAddr net.HardwareAddr
	Flags        net.Flags
	ParentIndex  int         // index of the parent link device
	MasterIndex  int         // must be the index of a bridge
	Namespace    interface{} // nil | NsPid | NsFd
}

LinkAttrs represents data shared by most link types

func NewLinkAttrs 

func NewLinkAttrs() LinkAttrs

NewLinkAttrs returns LinkAttrs structure filled with default values

type Macvlan 

type Macvlan struct {
	LinkAttrs
	Mode MacvlanMode
}

Macvlan links have ParentIndex set in their Attrs()

func (*Macvlan) Attrs 

func (macvlan *Macvlan) Attrs() *LinkAttrs

func (*Macvlan) Type 

func (macvlan *Macvlan) Type() string

type MacvlanMode 

type MacvlanMode uint16
const (
	MACVLAN_MODE_DEFAULT MacvlanMode = iota
	MACVLAN_MODE_PRIVATE
	MACVLAN_MODE_VEPA
	MACVLAN_MODE_BRIDGE
	MACVLAN_MODE_PASSTHRU
	MACVLAN_MODE_SOURCE
)

type Macvtap 

type Macvtap struct {
	Macvlan
}

Macvtap - macvtap is a virtual interfaces based on macvlan

func (Macvtap) Type 

func (macvtap Macvtap) Type() string

type Mode 

type Mode uint8

Mode is an enum representing an ipsec transport. 

const (
	XFRM_MODE_TRANSPORT Mode = iota
	XFRM_MODE_TUNNEL
	XFRM_MODE_ROUTEOPTIMIZATION
	XFRM_MODE_IN_TRIGGER
	XFRM_MODE_BEET
	XFRM_MODE_MAX
)

func (Mode) String 

func (m Mode) String() string

type Neigh 

type Neigh struct {
	LinkIndex    int
	Family       int
	State        int
	Type         int
	Flags        int
	IP           net.IP
	HardwareAddr net.HardwareAddr
}

Neigh represents a link layer neighbor from netlink.

func NeighList 

func NeighList(linkIndex, family int) ([]Neigh, error)

func (*Neigh) String 

func (neigh *Neigh) String() string

String returns $ip/$hwaddr $label

type NsFd 

type NsFd int

type NsPid 

type NsPid int

type PfifoFast 

type PfifoFast struct {
	QdiscAttrs
	Bands       uint8
	PriorityMap [PRIORITY_MAP_LEN]uint8
}

PfifoFast is the default qdisc created by the kernel if one has not been defined for the interface

func (*PfifoFast) Attrs 

func (qdisc *PfifoFast) Attrs() *QdiscAttrs

func (*PfifoFast) Type 

func (qdisc *PfifoFast) Type() string

type Prio 

type Prio struct {
	QdiscAttrs
	Bands       uint8
	PriorityMap [PRIORITY_MAP_LEN]uint8
}

Prio is a basic qdisc that works just like PfifoFast

func NewPrio 

func NewPrio(attrs QdiscAttrs) *Prio

func (*Prio) Attrs 

func (qdisc *Prio) Attrs() *QdiscAttrs

func (*Prio) Type 

func (qdisc *Prio) Type() string

type Protinfo 

type Protinfo struct {
	Hairpin   bool
	Guard     bool
	FastLeave bool
	RootBlock bool
	Learning  bool
	Flood     bool
}

Protinfo represents bridge flags from netlink.

func (*Protinfo) String 

func (prot *Protinfo) String() string

String returns a list of enabled flags

type Proto 

type Proto uint8

Proto is an enum representing an ipsec protocol. 

const (
	XFRM_PROTO_ROUTE2    Proto = syscall.IPPROTO_ROUTING
	XFRM_PROTO_ESP       Proto = syscall.IPPROTO_ESP
	XFRM_PROTO_AH        Proto = syscall.IPPROTO_AH
	XFRM_PROTO_HAO       Proto = syscall.IPPROTO_DSTOPTS
	XFRM_PROTO_COMP      Proto = syscall.IPPROTO_COMP
	XFRM_PROTO_IPSEC_ANY Proto = syscall.IPPROTO_RAW
)

func (Proto) String 

func (p Proto) String() string

type Qdisc 

type Qdisc interface {
	Attrs() *QdiscAttrs
	Type() string
}

type QdiscAttrs 

type QdiscAttrs struct {
	LinkIndex int
	Handle    uint32
	Parent    uint32
	Refcnt    uint32 // read only
}

Qdisc represents a netlink qdisc. A qdisc is associated with a link, has a handle, a parent and a refcnt. The root qdisc of a device should have parent == HANDLE_ROOT.

func (QdiscAttrs) String 

func (q QdiscAttrs) String() string

type Route 

type Route struct {
	LinkIndex int
	Scope     Scope
	Dst       *net.IPNet
	Src       net.IP
	Gw        net.IP
}

Route represents a netlink route. A route is associated with a link, has a destination network, an optional source ip, and optional gateway. Advanced route parameters and non-main routing tables are currently not supported.

func RouteList 

func RouteList(link *Link, family int) ([]Route, error)

func (Route) String 

func (r Route) String() string

type Scope 

type Scope uint8

Scope is an enum representing a route scope. 

const (
	SCOPE_UNIVERSE Scope = syscall.RT_SCOPE_UNIVERSE
	SCOPE_SITE     Scope = syscall.RT_SCOPE_SITE
	SCOPE_LINK     Scope = syscall.RT_SCOPE_LINK
	SCOPE_HOST     Scope = syscall.RT_SCOPE_HOST
	SCOPE_NOWHERE  Scope = syscall.RT_SCOPE_NOWHERE
)

type Tbf 

type Tbf struct {
	QdiscAttrs
	// TODO: handle 64bit rate properly
	Rate   uint64
	Limit  uint32
	Buffer uint32
}

Tbf is a classful qdisc that rate limits based on tokens

func (*Tbf) Attrs 

func (qdisc *Tbf) Attrs() *QdiscAttrs

func (*Tbf) Type 

func (qdisc *Tbf) Type() string

type U32 

type U32 struct {
	FilterAttrs
	// Currently only supports redirecting to another interface
	RedirIndex int
}

U32 filters on many packet related properties

func (*U32) Attrs 

func (filter *U32) Attrs() *FilterAttrs

func (*U32) Type 

func (filter *U32) Type() string

type Veth 

type Veth struct {
	LinkAttrs
	PeerName string // veth on create only
}

Veth devices must specify PeerName on create

func (*Veth) Attrs 

func (veth *Veth) Attrs() *LinkAttrs

func (*Veth) Type 

func (veth *Veth) Type() string

type Vlan 

type Vlan struct {
	LinkAttrs
	VlanId int
}

Vlan links have ParentIndex set in their Attrs()

func (*Vlan) Attrs 

func (vlan *Vlan) Attrs() *LinkAttrs

func (*Vlan) Type 

func (vlan *Vlan) Type() string

type Vxlan 

type Vxlan struct {
	LinkAttrs
	VxlanId      int
	VtepDevIndex int
	SrcAddr      net.IP
	Group        net.IP
	TTL          int
	TOS          int
	Learning     bool
	Proxy        bool
	RSC          bool
	L2miss       bool
	L3miss       bool
	NoAge        bool
	GBP          bool
	Age          int
	Limit        int
	Port         int
	PortLow      int
	PortHigh     int
}

func (*Vxlan) Attrs 

func (vxlan *Vxlan) Attrs() *LinkAttrs

func (*Vxlan) Type 

func (vxlan *Vxlan) Type() string

type XfrmPolicy 

type XfrmPolicy struct {
	Dst      *net.IPNet
	Src      *net.IPNet
	Dir      Dir
	Priority int
	Index    int
	Tmpls    []XfrmPolicyTmpl
}

XfrmPolicy represents an ipsec policy. It represents the overlay network and has a list of XfrmPolicyTmpls representing the base addresses of the policy.

func XfrmPolicyList 

func XfrmPolicyList(family int) ([]XfrmPolicy, error)

type XfrmPolicyTmpl 

type XfrmPolicyTmpl struct {
	Dst   net.IP
	Src   net.IP
	Proto Proto
	Mode  Mode
	Reqid int
}

XfrmPolicyTmpl encapsulates a rule for the base addresses of an ipsec policy. These rules are matched with XfrmState to determine encryption and authentication algorithms.

type XfrmState 

type XfrmState struct {
	Dst          net.IP
	Src          net.IP
	Proto        Proto
	Mode         Mode
	Spi          int
	Reqid        int
	ReplayWindow int
	Auth         *XfrmStateAlgo
	Crypt        *XfrmStateAlgo
	Encap        *XfrmStateEncap
}

XfrmState represents the state of an ipsec policy. It optionally contains an XfrmStateAlgo for encryption and one for authentication.

func XfrmStateList 

func XfrmStateList(family int) ([]XfrmState, error)

type XfrmStateAlgo 

type XfrmStateAlgo struct {
	Name        string
	Key         []byte
	TruncateLen int // Auth only
}

XfrmStateAlgo represents the algorithm to use for the ipsec encryption.

type XfrmStateEncap 

type XfrmStateEncap struct {
	Type            EncapType
	SrcPort         int
	DstPort         int
	OriginalAddress net.IP
}

XfrmEncap represents the encapsulation to use for the ipsec encryption.

Source Files

  • addr.go
  • filter.go
  • link.go
  • neigh.go
  • netlink.go
  • netlink_unspecified.go
  • protinfo.go
  • qdisc.go
  • route.go
  • xfrm.go
  • xfrm_policy.go
  • xfrm_state.go

Directories

Path Synopsis
Package nl has low level primitives for making Netlink calls.
 Package nl has low level primitives for making Netlink calls.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.